Cross-site scripting request forgeries
Defenses for Web Users
One browser that has incorporated this strategy is Google Chrome. Each browser tab in Chrome is actually a separate process and not a thread running within the same context as other threads (tabs). Thus, the tabs cannot interfere with each other, rendering most CSRF attacks impotent.
- Cross-Site Request Forgery (CSRF): http://www.owasp.org/index.php/Cross-Site_Request_Forgery
- Zeller, W., and Felten, E.W. "Cross-Site Request Forgeries: Exploitation and Prevention," 2008, http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf
Read full article as PDF:Security_Lessons_Cross-site_Scripting_Request_Forgeries.pdf (259.83 kB)
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open-source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
Donors will get to vote on new features for the free video editor.
Debian project puts init out to pasture and says no to Ubuntu's Upstart.
Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.
New alternative for init comes with a small footprint and minimal configuration.
X marks the target for the next-generation windowing system.
Super-clone CentOS Linux gets beamed up to the mother ship.
HTML technology will enable new video editing and playback options.
New Linux distro is optimzed for gaming.